Date: Mon, 14 Jun 2004 14:43:07 +0200 From: lupe@lupe-christoph.de (Lupe Christoph) To: cjclark@alum.mit.edu, Doug Barton <DougB@FreeBSD.org>, "freebsd-security@freebsd.org" <freebsd-security@FreeBSD.org>, Remko Lodder <remko@elvandar.org>, "David E. Meier" <dev@eth0.ch>, Dan Rue <drue@therub.org> Subject: Re: [Freebsd-security] Re: Multi-User Security Message-ID: <20040614124307.GD21387@lupe-christoph.de> In-Reply-To: <20040614113858.GA13028@empiric.dek.spc.org> References: <20040518160517.GA10067@therub.org> <OPEPILILPLAKPFCNKOKAGEGHCBAA.remko@elvandar.org> <20040520033024.GA26640@therub.org> <20040606233720.F1850@ync.qbhto.arg> <20040607204149.GC75747@blossom.cjclark.org> <20040609050217.Q5839@ync.qbhto.arg> <20040609145223.GA53862@blossom.cjclark.org> <20040614113858.GA13028@empiric.dek.spc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, 2004-06-14 at 12:38:58 +0100, Bruce M Simpson wrote: > On Wed, Jun 09, 2004 at 07:52:23AM -0700, Crist J. Clark wrote: > > To do scp-only, you either need (a) a hacked up sshd(8) daemon, (b) a > > jailed environment, or (c) a special shell for the user that only allows > > scp(1) to run. The funny thing is, I think (c) is probably the easiest > > to implement on a mass scale, but seems to be the option most seldom > > considered. > ports/shells/scponly That's a liiiitttle short. ;-) scponly covers both (b) as scponlyc and (c). It works with scp, sftp, WinSCP, gftp and (IIRC) rsync. Great tool. Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | "... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity | | Home for Badgers with Rabies. Michael Lucas |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040614124307.GD21387>